Jump to content

Search the Community

Showing results for tags 'rootkit'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






  1. Hi, I've been trying to play some games on my computer recently and have been prevented from doing so by what seems to be a rootkit. Every time I try to open literally any anti-malware or anti-rootkit program I can find, they are all prevented from opening with the message "The requested resource is in use." I've followed numerous other tutorials on how to remove rootkits and none have worked as the programs that they tell me to use are all blocked by the rootkit including Malwarebytes, RKill and the Malwarebytes Anti-Rootkit program. I am seriously at a loss here knowing there's a very s
  2. So i was doing an AVG scan yesterday and found out i had 40 line hook viruses that cannot be removed. i Then scanned later and they were gone. Then i scanned again and they were back. since then i have switched from avg to avast and so far avast hasn't detected it and i have done multiple scans so far of everything possible to scan. I really need help getting rid of them all as im pretty sure they are all still there. Thanks for reading Hootis
  3. when trying to run any malware/virus cleaning programs this error occurs, "The requested resource is in use".
  4. Hello, I have issue with Initialpage 123 browser hijacker who has infected the chrome browser and I also use firefox which seems free from it now. I used Malwarebytes trial, Unhackme and Adware cleaner. I checked all the processes and startups and registry and found something that might be associated and deleted. I found the Initialpage123 software in the program list but Windows10 and CCleaner could not remove it. Tried to remove from folder called Fehadon. Today found folder named .mus removed that. I also found local64SPL.dll and deleted. Its not first time i experience browser
  5. Hello malware bytes just detected a file known as: Unknown.rootkit.driver which seemed to have infected: C:\WINDOWS\System32\drivers\agilevpn.sys i am wondering if this is a false positive? These are the logs: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 3/20/17 Scan Time: 11:27 PM Logfile: Administrator: Yes -Software Information- Version: Components Version: 1.0.75 Update Package Version: 1.0.1549 License: Free -System Information- OS: Windows 10 CPU: x64 File System: NTFS User: LAURIDS-PC\La
  6. My data usage quadrupled in a month. Checked windows data usage and it said "SYSTEM" used 332gbs in the past month. Knew something was up. Ran a bunch of scans, plus I have norton, nothing. Disconnected router to scan wifi devices. Hooked the router back up and something started trying to call out. MBAM caught it, norton did not. Ran a scan and sure enough...(see att 1)lksdfk;las.txt Im also attaching the FRST. Lets see if anythings left.sdfhhseghsd.txt
  7. Greetings. I was wondering if the option to scan for rootkits is supposed to be accessible for free users. No matter what I do, it still shows as disabled in the reports. Summary.txt MB-CheckResults.txt
  8. So I'm infected with a rootkit and I've tried to remove myself, but I haven't been successful, it restricts access to malwarebytes and malwarebytes rootkit removal. I get the message " requested resource is in use" when I try to open an .exe such as malwarebytes. I've tried going into safe mode to delete the infected files but the virus still works in safe mode and prevents me from doing anything to try and remove it. Any help would be appreciated thanks!
  9. I have rootkit detection enabled on Windows 10 (all updates applied) and MWB3 (Premium). All well for several months, but in last two days the following files associated with Bluetooth drivers, have been "detected" and have been quarantined. c:\windows\system32\drivers\bthenum.sys and c:\windows\system32\drivers\bthusb.sys After quarantine, one (bthenum.sys) re-appeared the next day and has been quarantined again in a subsequent scan. I have turned off rootkit scanning temporarily, but wonder if anyone else has experienced the same "problem". Is this a real or fa
  10. Hey guys, sorry about necro-ing this thread but I do have the exact same issue as EniNeu A scan with GMER reveals this as well : Service C:\WINDOWS\system32\drivers\WdBoot.sys (*** hidden *** ) [BOOT] WdBoot <-- ROOTKIT !!! Service C:\WINDOWS\system32\drivers\WdFilter.sys (*** hidden *** ) [BOOT] WdFilter <-- ROOTKIT !!! Service C:\Program Files (x86)\Windows Defender\MsMpEng.exe (*** hidden ***) [AUTO] WinDefend <-- ROOTKIT !!! I am wondering if I should attempt deletion through GMER or if there is a better way. Just in case thi
  11. I somehow got these trojan files on my computer through a download, and while I would normally just run MBAR to fix them whenever I try to run any AV software besides Emsisoft Emergency Kit it pops up and says the requested resource is in use; booting into non safe mode leads to a BSOD saying IRQL DRIVER NOT LESS THAN OR EQUAL about 30 seconds after logging in. This is what EEK outputs in the logs: Emsisoft Emergency Kit - Version 2017.2 Last update: 4/15/2017 02:47:34 User account: DESKTOP-OF8ED87\REAL NAME Computer name: DESKTOP-OF8ED87 OS version: Windows 10x64 Sca
  12. So, recently, my computer BSODed and I managed to fix that problem by messing around with service settings. However, now, when I try to install any antivirus, It says that the resource is in use, even right after a reboot. I believe this is a rootkit, because it happens in safe mode as well. I am attaching the FRST logs from a scan. Addition.txt FRST.txt
  13. having the same issue.. ongoing since January I think. or December. This didn't work.
  14. What is Adware.Yelloader? The Malwarebytes research team has determined that Adware.Yelloader is adware. These adware applications display advertisements not originating from the sites you are browsing. How do I know if my computer is affected by Adware.Yelloader? This adware is installed as a rootkit, so you may notice no other signs besides the unexplainable advertisements. This one also disables a long list of security programs. Doctor Web Ltd. Check Point Software Technologies Ltd. VIRUSBLOKADA ODO Beijing Kingsoft Security so
  15. Note Updated on October 27, 2017 If you are trying to start Malwarebytes and you receive an error message that the resource is already in use then you may be infected with Adware.Yelloader. Please follow the instructions below to remove the infection. 1. Download version Malwarebytes Anti Rootkit (MBAR) https://malwarebytes.app.box.com/s/flmkkcawxhohv6jf6wlkentlvycq0f3z 2. Run the exe as administrator by right clicking and select run as administrator. Click ok to extract. If Mbar wont run please download the zip copy from this article and f
  16. I've run mbar, and I get the same message- 'The requested resource is in use'. I can't open Malwarebytes and Chameleon isn't working either. Addition.txt FRST.txt
  17. After upgrading to Malwarebytes (MB) 3.0.6 Premium, a scan would hang (stop processing) on a few files (i.e. item 517 or 518 or etc.) if rootkits were included in the scan. Googling this issue led me to think it had something to do with Macrium Reflect (MR) Backup Software. When I upgraded MR from version 6 to version 7, I thought the problem would go away. Not the case as the problem persisted. Followed all the advice from MB Support but no avail. Then one day, a patch was available for MR. MB scan with rootkit successfully executed. I thought the problem was fixed BUT after a reboot t
  18. I previously posted in early February that Malwarebytes 3.06 would hang when scanning with rootkits enabled. Malwarebytes support had been looking into the issue for many weeks. In the end, the issue was related to a conflict between Malwarebytes and Macrium Reflect Backup Software. Macrium Reflect released a series of patches to their new updated version 7 software. An unrelated patch to this software released March 16th, 2017 fixed the issue. With Macrium Reflect updated to v7.0.2079, the issue has been resolved. I've passed information to the Malwarebyte support folks so they at leas
  19. I'm trying to remove SysWOW64 because it has been causing problems for me, I have tried giving my account full control but no dice, I need help because i've been living with this virus for MONTHS, please, any help would be appreciated! SysWOW is in my Windows folder and it's not hidden, I just can't delete it.
  20. On starting my computer I get the error message "Malwarebytes was unable to load anti-Rootkit Driver. Error code 20025. Do you want to continue the scan without anti-rootkit support?" I get the same error message if I start a scan, after it finishes checking for updates. I'm using WIndows 7 Professional SP1 64-Bit, and MBAM Licensed (Premium) C:\ProgramData\Malwarebytes\MBAMService\logs is attached as requesed. Logs.zip
  21. Okay, I think this is probably my first post on the forums, so I apologize for being a noob and doing whatever annoying things noobs do before they get a clue. That said, I am pretty positive I have a rootkit. It's a quiet and crafty sort; from the beginning there were no obvious signs of infection, there wasn't any slowing or memory leaking, no unusual traffic noted. I felt like something was off, but I couldn't pinpoint what until I got the first warning message from MBAM (see Exploit Blocking below). Now I notice that all my desktop icons are rearranged and suddenly there is a bit of dead s
  22. My older computer kept getting this Boost_interprocess folder in my appdata file.It would remain on the computer even through completely wiping my whole computer, flashing bios, flashing firmware. I got a new laptop a couple weeks ago. My main harddrive keeps filling up with multiple gb worth of temp files and folder. Many of which are like mp4 files from the edge browser. I do not download anything only watch youtube videos, do moderate gaming, and visual studio and C++ programming on this laptop. The boost_interprocess folder appeared along with I also noticed I have a PreEmptivesolutions
  23. So recently I downloaded a program called Hitfilm pro 2017 and I cant open it because of the memory and some time a program will freeze my computer alot I need some help!
  24. I am pretty positive I have a rootkit. It's a quiet and crafty sort; from the beginning there were no obvious signs of infection, there wasn't any slowing or memory leaking, no unusual traffic noted. I felt like something was off, but I couldn't pinpoint what until I got the first warning message from MBAM 3.0.6 Premium (see Exploit Blocking below). Now I notice that all my desktop icons are rearranged on relog and suddenly there is a bit of dead space at the bottom where I can no longer move any icons, though that's kind of the least of my worries. Sometimes the screen sort of freezes, almost
  25. Recently I've been having a popup that states Malwarebytes has detected and blocked an exploit. When I view the report, there is nothing available. I have rebooted my system several times. Inside the MalwareBytes tool, I am not able to enable the Web Protection setting. While whatever is happening on my system, it seems MalwareBytes is blocking it, but it is my best interest to remove whatever rootkit, or malware is loaded on my system. I am currently running the Malwarebytes Anti-Rootkit and once completed I will upload the logs. MB-CheckResult.txt
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.